[lug] linux firewall, popup windows spam blocking

D. Stimits stimits at attbi.com
Sun Jun 22 15:29:31 MDT 2003 

Bear Giles wrote:

> On a related note, how do you send Window Messager messages?

There are apparently multiple routes in to do this. The UPS here uses 
it, but apparently broadcast of NetBEUI or UDP, or else direct port 135, 
137, or 139 can do this as well. Can anyone tell me if NetBEUI is truly 
its own protocol, that ipchains would distinguish differently from tcp 
and udp?

>
> Not to spam... but I think it could be a Good Thing for many of us to
> add Window Messager acks to our services.  We shouldn't just quietly
> block suspicious activities, we should honor these people for there
> initiative!

This would be ideal.

>
> This won't stop "pro" attackers, of course.  But it's fun to imagine
> some 14-year-old wannabe running his illicit program, then making a mess
> as the screen is flooded with "I see you" messages.

I've been told that the companies that sell spam lists are now selling 
spam software to use popups to directly trespass on machines. In this 
case, www.byebyeads.com is essentially doing a criminal trespass to 
directly invade the user's machine, and paste a note that says if y ou 
pay them their software fee (extortion money), that they will stop 
attacking the machine. I call it an attack because it has caused machine 
lockup and failure multiple times in the last day or two. I call it 
criminal because they are invading a private home, not a public web 
server, causing damage, and then asking for money to stop. I notified 
them to stop, yet they persist, which means they were warned (and they 
know it is trespassing, they just think there is nothing I can do about 
it). Unlike a typical open port, I told them to stop, and their attacks 
picked up.

>
> Besides the annoyance factor, this could even address those attackers
> attempting to turn wiretap laws against their victims when the attempt
> to take action - the message could contain some legal-sounding noise
> about all communications being logged and shared with third parties,
> including law enforcement, etc. Naturally at this point it would be a
> good idea to log that the message was actually sent, and if it was
> received (vs. blocked) if possible.

Actually, I sent a letter to one of our Colorado senators a while back, 
and he apparently has worked on legislation related to spam 
(pro-kill-the-spam) before I even talked to him. I think I am going to 
name these people and their tactics directly to him, and ask that it 
become an official criminal trespass to invade a port on a machine after 
being specifically requested to stop doing so. Someone else pasted a URL 
of an interesting article earlier, which mentioned that they are now 
looking to turn some spam related offenses into $25,000/day fines and 
prison sentences (exceeding a year). In any case, I don't consider 
lobotomizing the computer to be a valid cure, prisons sound better.

D. Stimits, stimits AT attbi DOT com

>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>

More information about the LUG mailing list